Method of restricting access, for the benefit of authorized users, to resources belonging to interactive services with at least one package of services

ABSTRACT

The subject of the invention concerns a process to restrict, to the benefit of authorized users, access to at least one restricted access resource belonging to at least one interactive service of at least one cluster of services, each user having a processing and memorizing unit linked up to a client machine capable of executing a client program adapted to exchange from a transmission network, data with a server program associated to each interactive service having a service identifier, access to a resource being provided by a request sent by the client program to the server program which processes said request and returns to the client program the response to the request.

The subject of the invention concerns the domain of technical meansadapted to restrict access to resources belonging to interactiveservices being part of at least one cluster of services.

The subject of the invention finds a particularly advantageousapplication in the domain of restricted access to resources belonging tointeractive services. As non-limiting example, can be consideredinteractive services such as the consultation of bank accounts, theconsultation of legal and/or commercial information on corporations, theconsultation of horoscopes, interactive online games, etc. Saidinteractive services comprise restricted access resources. For instance,for a service relative to the consultation of bank accounts, arestricted access resource is the display of a bank account which isaccessible only to the holder of the account.

To illustrate the subject of the invention, FIG. 1 shows the example ofan installation 1 enabling users to access interactive services beingpart of at least a group or cluster. The installation 1 includes foreach user, a client machine 2 enabling to execute a client programadapted to exchange, from a transmission network 3, data with a serverprogram associated to each interactive service. In a simplified manner,each server program of an interactive service is executed by a servermachine linked up to the transmission network 3. As non-limitingexample, each client machine 2 can be a personal computer, the clientprogram can be a software program of the Internet browser type, thetransmission network 3 can be the Internet or an Intranet, the serverprogram can be a web server, and the server machine can be a server ofthe data processing type.

In the rest of the description, the interactive services shall bereferred to as services identifiers S_(i), (with i varying from 1 to I),the clusters shall be referred to as clusters identifiers B_(j), (withvarying from 1 to J), and the server machines shall be referred to asmachines identifiers M_(k), (with k varying from 1 to K).

In the illustrated example, interactive services having as servicesidentifiers S₁, S₂, S₃ and S₄, are accessible respectively from servermachines having as machines identifiers M₁, M₂, M₃ and M₃. Moreover, theinteractive service having as service identifier S₁ is part of thecluster having as cluster identifier B₁, the interactive service havingas service identifier S₂ is part of the cluster having as clusteridentifier B₂, the interactive service having as service identifier S₃is part of the cluster having as cluster identifier B₁ and theinteractive service having as service identifier S₄ is part of the twoclusters having as clusters identifiers B₁ and B₂. In other words, eachuser wishing to access one of the interactive services having asservices identifiers S₁, S₂, S₃ or S₄ belonging respectively to thecluster(s) having as clusters identifiers B₁, B₂, B₁, B₁ and B₂, mustsubmit a request respectively to the server machine having as machineidentifier M₁, M₂, M₃ or M₃.

For certain applications, the need appears to restrict to the benefit ofauthorized users, access to interactive services or at least to certainresources of said services. Thus, an interactive service supplier canmake at least certain resources of its interactive service accessible tothe benefit of users having received an authorization or an accessright. Such authorization can be granted to a user in return, forinstance, for a subscription to the service, free or in return forpayment.

To fulfill the need expressed above, it appears necessary toauthenticate in a reliable manner, a user who has sent a request ofaccess to a restricted access resource of a service and to authorizeaccess to said resource only if the user has an authorization.

The subject of the invention aims at fulfilling that authentication needby proposing a process to enable access to restricted access resourcesof interactive services belonging to at least one cluster, only to thebenefit of authorized users.

So as to reach such a goal, the subject of the invention concerns aprocess to restrict, to the benefit of authorized users, access to atleast one resource belonging to at least one interactive service of atleast one cluster of services, each user having a client machine capableof executing a client program adapted to exchange from a transmissionnetwork, data with a server program associated to each interactiveservice which has a service identifier, access to a resource beingprovided by a request sent by the client program to the server programwhich processes said request and returns to the client program theresponse to the request.

The process according to the invention includes the following steps:

-   -   for each cluster, putting at the disposal of each user, a        processing and memorizing unit designed to be linked up to the        client machine of the user when he wishes to access at least one        restricted access resource, the processing and memorizing unit        including:        -   a cluster identifier enabling to determine the cluster to            which the processing and memorizing unit belongs,        -   a processing and memorizing unit identifier enabling to            characterize the processing and memorizing unit put at the            user's disposal,        -   and a decryption key enabling the decrypting of information            coming from a service of the cluster,    -   enabling each client program, to read in the processing and        memorizing unit which is linked up to it:        -   the cluster identifier,        -   and the processing and memorizing unit identifier,    -   sending by each server program for a service, at least once to        any client program which has submitted a request to it for said        service, a list of clusters identifiers enabling to determine to        which cluster(s) belongs the service to which the request was        submitted,    -   memorizing by each client program which receives a list of        clusters identifiers in response to a request for a service        which has a service identifier, a relation between each cluster        identifier and the identifier of the concerned service,    -   determining, at the time of the sending of a request to a        service which has a service identifier, if the client program        has memorized at least one relation between a cluster identifier        and the identifier of the concerned service, and in the case        where:        -   a cluster identifier is found, comparing said cluster            identifier with the cluster identifier coming from the            processing and memorizing unit and if they are equal, adding            to the request sent by the client program, the processing            and memorizing unit identifier,    -   when a server program receives a request for a service        containing a processing and memorizing unit identifier and which        requests to access a restricted access resource, determining by        using at least the identifier of the concerned service and the        processing and memorizing unit identifier, if the user who owns        the processing and memorizing unit is entitled to access said        resource, and if the user:        -   is not entitled to access the resource, returning to the            client program by the server program, a response            corresponding to a refused access,        -   is entitled to access the resource:            -   determining using at least the processing and memorizing                unit identifier, the encryption key corresponding to the                decryption key contained in the processing and                memorizing unit linked up to the client machine of the                user who has sent the request,            -   encrypting by the server program, at least in part, the                response to the request of access to the restricted                access resource using the encryption key, so as to                obtain an encrypted response,            -   and returning to the client program by the server                program, said encrypted response,    -   and when a client program receives an encrypted response:        -   decrypting the encrypted response received by the client            program using the decryption key contained in the processing            and memorizing unit linked up to it,        -   and presenting the user with the response to his request, as            if said request had reached him non encrypted.

Another subject of the invention aims at satisfying that authenticationneed by proposing a process enabling access to restricted accessresources being part of interactive services belonging to at least twoclusters.

So as to reach such a goal, the process according to the inventioncomprises:

-   -   determining, at the time of the sending of a request to a        service, if the client program has memorized at least one        relation between a cluster identifier and the identifier of the        concerned service, and in the case where:        -   several clusters identifiers are found, comparing said            clusters identifiers with the cluster identifier coming from            the processing and memorizing unit and if an equality is            found, adding the cluster identifier to the request sent by            the client program and already containing the processing and            memorizing unit identifier,    -   when a server program receives a request for a service        containing a processing and memorizing unit identifier and a        cluster identifier and which requests to access a restricted        access resource, determining by using at least the cluster        identifier, the identifier of the concerned service and the        processing and memorizing unit identifier if the user who owns        the processing and memorizing unit is entitled to access said        resource, and if the user:        -   is not entitled to access the resource, returning to the            client program by the server program, a response            corresponding to a refused access,        -   is entitled to access the resource:            -   determining using at least the cluster identifier and                the processing and memorizing unit identifier, the                encryption key corresponding to the decryption key                contained in the processing and memorizing unit linked                up to the client machine of the user who has sent the                request,            -   encrypting by the server program, at least in part, the                response to the request of access to the restricted                access resource using the encryption key, so as to                obtain an encrypted response,            -   and returning to the client program by the server                program, said encrypted response.

Another subject of the invention aims at proposing a processing andmemorizing unit including at least:

-   -   a cluster identifier enabling to determine the cluster to which        belongs the processing and memorizing unit,    -   a processing and memorizing unit identifier enabling to        characterize the processing and memorizing unit put at the        user's disposal,    -   and a decryption key enabling the decrypting of information        coming from a service of the cluster.

Another subject of the invention aims at proposing a client machine ofthe computer type including means to execute a client programimplementing the steps of the process in accordance with the invention.

Another subject of the invention aims at proposing a server machine ofthe data processing type including means to execute a server programimplementing the steps of the process in accordance with the invention.

Another subject of the invention aims at proposing a client program toaccess at least one restricted access resource belonging to at least oneinteractive service, including means programmed to carry out the stepsof the process in accordance with the invention, when said clientprogram is executed on a client machine.

Another subject of the invention aims at proposing a server program forinteractive service including means programmed to carry out the steps ofthe process in accordance with the invention, when said server programis executed on a server machine.

Various other characteristics emerge from the description made below inreference to the appended diagrams which show, as non-limiting examples,embodiments and implementations of the subject of the invention.

FIG. 1 shows a system enabling implementation of a process according toan exemplary, non-limiting embodiment of the present invention.

FIG. 2 shows a client machine enabling to implement the processaccording to the invention.

FIG. 3 shows the sequence of data exchange between the client program ofthe user and the server program of the service in the case where theprocess according to the invention enables access to a service belongingto a cluster.

FIG. 4 shows the sequence of data exchange between the client program ofthe user and the server program of the service in the case where theprocess according to the invention enables access to a service belongingsimultaneously to several clusters of services.

The subject of the invention concerns a process enabling authorizedusers, to access at least one restricted access resource belonging to atleast one interactive service. For the implementation of the processaccording to the invention, each user has, as illustrated in FIG. 2, aclient machine 20 enabling to execute a client program to accessinteractive services as explained in FIG. 1.

In accordance with the invention, said client program must includeadditional functionalities compared to a classical client accessprogram.

As additional functionality, the client program must be able to exchangedata with a processing and memorizing unit 30. The processing andmemorizing unit 30 includes transfer means and processing and memorizingmeans. It must be considered that the transfer means are of softwareand/or hardware nature and are capable of providing and optimizing thedata communication between the client machine 20 and the processing andmemorizing unit 30.

Said processing and memorizing unit 30 is able to:

-   -   using the transfer means:        -   accept data provided by the client machine 20,        -   and return data to the client machine 20,    -   using the processing and memorizing means:        -   to store data possibly in secret and to retain at least a            part of said data even when the processing and memorizing            unit 30 is switched off,        -   and to carry out algorithmic processing on data, part or all            of said processing being possibly secret.

As non-limiting example, said processing and memorizing unit 30 can beconstituted by a material key on the USB bus of the client machine 20or, preferably, by a chip card 31 and its interface 32 commonly calledcard reader linked up to the client machine 20.

In the case where the processing and memorizing unit 30 is constitutedby a chip card 31 and its interface 32, the transfer means are splitinto two parts, one being on the interface 32 and the other one being onthe chip card 31. In this embodiment, the absence of the chip card 31 isconsidered as equivalent to the absence of the processing and memorizingunit 30, inasmuch as the processing and memorizing means contained inthe chip card 31 are missing.

The process according to the invention comprises putting at the disposalof each user, for each cluster having as cluster identifier B_(j), aprocessing and memorizing unit 30 enabling to access the restrictedaccess resources of the interactive service(s) having as serviceidentifier S_(i) being part of the cluster. In the case where a userwishes to access two clusters of services, as illustrated in FIG. 1,said user must have a first processing and memorizing unit to access theinteractive services of the cluster having as cluster identifier B₁ anda second processing and memorizing unit to access the interactiveservices of the cluster having as cluster identifier B₂.

Each processing and memorizing unit 30 includes:

-   -   a cluster identifier BU enabling to determine the cluster to        which the processing and memorizing unit 30 belongs,    -   a processing and memorizing unit identifier UTM enabling to        characterize the processing and memorizing unit 30 put at the        user's disposal. Classically, said processing and memorizing        unit identifier UTM corresponds, for instance to an        identification number of the processing and memorizing unit 30,    -   and a decryption key KD enabling the decrypting of information        coming from an interactive service of the cluster.

As additional functionality, the client program must be able to exchangeadditional identification data with server machines.

As additional functionality, the client program which receives a list ofcluster identifiers in the response to one of its requests, must be ableto memorize relations between the identifier of the service to which therequest was submitted and each of the clusters identifiers of the list.

As additional functionality, the client program must be able to decrypt,with the help of the processing and memorizing unit 30, encrypted datacoming from the server machines.

For the implementation of the process according to the invention, eachserver program serving an interactive service executed by a servermachine includes additional functionalities compared to a classicalserver program which does not implement the process according to theinvention.

As additional functionality, each server program for a service has alist of clusters identifiers BS_(j) enabling to determine to whichcluster(s) the interactive service belongs. When a request is submittedto the service, the server program for said service sends within theresponse, said list of clusters identifiers. In the case of FIG. 1, forinstance the interactive service having as identifier S₁ returns thelist {B₁} and the interactive service having as identifier S₄ returnsthe list {B₁, B₂}.

As additional functionality, each server program of an interactiveservice executed on a server machine determines if a user who has aprocessing and memorizing unit having as processing and memorizing unitidentifier UTM, is entitled to access a restricted access resource.Thus, the server program authorizes or refuses access to said restrictedaccess resource and if access is authorized, encrypts at least in partthe response to the request.

The following description in relation to FIG. 3 makes explicit theprocess according to the invention enabling a user to access aninteractive service belonging to only one cluster at a time. In theillustrated example, it is considered that the user wishes to access theinteractive service having as service identifier S₁ belonging to thecluster having as cluster identifier B₁.

A user wishing to access a resource belonging to an interactive servicehaving as service identifier S₁, must have a processing and memorizingunit 30 corresponding to the access to said service, i.e. a processingand memorizing unit associated to the cluster having as clusteridentifier B₁.

When the processing and memorizing unit 30 is linked up to the clientmachine 20, the corresponding client program reads in the processing andmemorizing unit which is linked up to it:

-   -   the cluster identifier BU. In the considered example, BU is        equal to B₁,    -   and the processing and memorizing identifier UTM. In the        considered example, UTM is equal to 123.

The client program submits to the server program for the service havingas service identifier S₁, a first request RQ₁. Inasmuch as the clientprogram does not know yet whether the server program belongs to acluster or not, the request sent is a standard request identical to theone sent by a standard client program.

The server program for the service, having received the access requestRQ₁, sends at least once within the response RP₁ to the client programwhich has submitted the request RQ₁ to it, the list of clustersidentifiers BS_(j). In the considered example, the list is constitutedby only one element and is therefore represented by {B₁}.

The client program which receives the response RP₁ containing at leastone list of clusters identifiers BS_(j), memorizes a relation betweenthe service identifier S₁ corresponding to the service to which therequest RQ₁ has been submitted and each cluster identifier BS_(j). Inthe illustrated example, the list has only one element and the clientprogram memorizes one relation between the service identifier S₁ and thecluster identifier B₁.

When the user wishes to access again the interactive service having asservice identifier S_(i), the client program prepares a second accessrequest RQ₂. At the time of the establishing of said second accessrequest RQ₂, the client program determines if it has memorized at leastone relation between the concerned service identifier S_(i) and acluster identifier BS_(j).

In the case where no relation is found, the client program sends arequest similar to the request RQ₁. In the case where a clusteridentifier BS_(j) is found, the client program compares said clusteridentifier BS_(j) with the cluster identifier BU coming from theprocessing and memorizing unit. If there is no equality between thecluster identifier BS_(j) and the cluster identifier BU, the clientprogram sends a request similar to the request RQ₁. If the clusteridentifier BS_(j) and the cluster identifier BU are equal, the clientprogram adds to its request RQ₂, the processing and memorizing unitidentifier UTM.

In the illustrated example, at the time of the sending of the requestRQ₂ to the interactive service having as service identifier S₁, theclient program detects that it has memorized a relation between S₁ andB₁, so much so that it compares B₁ with the cluster identifier BU comingfrom its processing and memorizing unit. Since the processing andmemorizing unit also contains the cluster identifier B₁, the clientprogram adds to its request RQ₂, the processing and memorizing unitidentifier UTM which, in the example, is equal to 123.

When the server program receives a request RQ₂ containing a processingand memorizing unit identifier UTM and corresponding to a request ofaccess to a restricted access resource, the server program determineswhether or not the user owning the processing and memorizing unit isentitled to access the restricted access resource. The server programdetermines that authorization by using at least the service identifierS_(i) corresponding to the requested service and the processing andmemorizing unit identifier UTM. So as to do so, the server programconsults, for instance, a database including for the considered servicethe list of the processing and memorizing unit identifiers UTMauthorized to access the requested restricted access resource.

In the case where the server program concludes that the user is notentitled to access the restricted access resource, the server programsends to the client program a response RP₂ corresponding to a refusedaccess.

In the case where the server program concludes that the user is entitledto access the restricted access resource, is carried out thedetermination of an encryption key KE corresponding to the decryptionkey KD contained in the processing and memorizing unit having asprocessing and memorizing unit identifier UTM. Said encryption key KE isdetermined using at least the processing and memorizing unit identifierUTM.

The server program then encrypts at least in part, the response to therequest of access to the restricted access resource by using theencryption key KE, so as to obtain an encrypted response RP₂. The serverprogram then returns to the client program, said encrypted response RP₂.It must be understood that when the server program encrypts, at least inpart, a response, said server program generally encrypts preferentially,at least in part, the content of said response.

In the illustrated example, the server program detects in the requestRQ₂, the presence of a processing and memorizing unit identifier namelyUTM=123. As it happens that the request RQ₂ corresponds to a request ofaccess to a restricted access resource, the server program determinesusing at least the service identifier S₁ and the processing andmemorizing unit identifier 123, that access is authorized. The serverprogram then determines the encryption key KE using at least theprocessing and memorizing unit identifier 123. For instance, theencryption key KE is equal to 45678. The server program encrypts usingsaid key KE, at least in part the response to the request of access RQ₂.

When the client program receives the encrypted response RP₂, the clientprogram decrypts said encrypted response with the help of the decryptionkey KD contained in the processing and memorizing unit which is linkedup to it. The client program then presents the user with the response tohis request as if it had reached him non encrypted.

In the example described in FIG. 3, the process according to theinvention enables a user to access an interactive service belonging toonly one cluster at a time. FIG. 4 makes explicit the process accordingto the invention enabling a user to access an interactive servicebelonging simultaneously to several clusters of services. In theillustrated example, it is considered that the user wishes to access theinteractive service having as service identifier S₄, being part of twoclusters having as clusters identifiers B₁ and B₂.

A user wishing to access a resource belonging to the interactive servicehaving as service identifier S₄, must have for at least one of theclusters B₁ or B₂, a processing and memorizing unit 30 enabling toaccess that cluster. In the example of FIG. 4, it is supposed that theuser has at least one processing and memorizing unit associated to thecluster having as cluster identifier B₂. (The description would besimilar if the user had a processing and memorizing unit associated tothe cluster having as cluster identifier B₁.)

When the processing and memorizing unit 30 is linked up to the clientmachine 20, the corresponding client program reads in the processing andmemorizing unit which is linked up to it:

-   -   the cluster identifier BU. In the considered example, BU is        equal to B₂,    -   and the processing and memorizing unit identifier UTM. In the        considered example, UTM is equal to 234.

After the sending by the client program of a first request RQ₁ for theinteractive service having as service identifier S₄ to the serverprogram for said service, said server program for the service havingreceived the request of access RQ₁, sends at least once within theresponse RP₁, to the client program which has submitted the request RQ₁to it, the list of clusters identifiers BS_(j). In the consideredexample, the list is constituted by two elements and is thereforerepresented by {B₁, B₂}.

The client program which receives the response RP₁ containing at leastone list of clusters identifiers BS_(j), memorizes a relation betweenthe service identifier S_(i) corresponding to the service to which therequest RQ₁ has been submitted and each cluster identifier BS_(j). Inthe considered example, the list has two elements and the client programmemorizes, on the one hand, a relation between the service identifier S₄and the cluster identifier B₁ and, on the other hand, a relation betweenthe service identifier S₄ and the cluster identifier B₂.

When the user wishes to access again the interactive service having asservice identifier S_(i), the client program prepares a second accessrequest RQ₂. At the time of the establishing of said second accessrequest RQ₂, the client program determines if it has memorized at leastone relation between the concerned service identifier S_(i) and acluster identifier BS_(j).

In the case where no relation is found, the client program sends arequest similar to the request RQ₁. In the case where one or severalclusters identifiers BS_(j) are found, the client program compares saidcluster(s) identifier(s) BS_(j) with the cluster identifier BU comingfrom the processing and memorizing unit. If there is no equality betweenthe cluster(s) identifier(s) BS_(j) and the cluster identifier BU, theclient program sends a request similar to the request RQ₁. If equalityis found between a cluster identifier BS_(j) and the cluster identifierBU, the client program adds to its request RQ₂, the processing andmemorizing unit identifier UTM and the cluster identifier BU.

In the illustrated example, at the time of the sending of the requestRQ₂ to the interactive service having as service identifier S₄, theclient program detects that it has memorized a relation between S₄ andB₁ and a relation between S₄ and B₂. The client program then comparesthe cluster identifier BU coming from its processing and memorizingunit, respectively with the clusters identifiers B₁ and B₂. Since theprocessing and memorizing unit linked up to the client machine containsthe cluster identifier B₂, the client program adds to its request RQ₂,the processing and memorizing unit identifier UTM and the clusteridentifier BU, which, in the example, are respectively equal to 234 andB₂.

When the server program receives a request RQ₂ containing a processingand memorizing unit identifier UTM and a cluster identifier BU, andcorresponding to a request of access to a restricted access resource,the server program determines whether or not the user owning theprocessing and memorizing unit is entitled to access the restrictedaccess resource. The server program determines that authorization byusing at least the cluster identifier BU, the service identifier S_(i)corresponding to the requested service and the processing and memorizingunit identifier UTM.

In the case where the server program concludes that the user is notentitled to access the restricted access resource, the server programsends to the client program a response RP₂ corresponding to the refusedaccess.

In the case where the server program concludes that the user is entitledto access the restricted access resource, is carried out thedetermination of an encryption key KE corresponding to the decryptionkey KD contained in the processing and memorizing unit having asprocessing and memorizing unit identifier UTM and as cluster identifierBU. Said encryption key KE is determined using at least the clusteridentifier BU and the processing and memorizing unit identifier UTM.

The server program then encrypts, at least in part, the response to therequest of access to the restricted access resource by using theencryption key KE, so as to obtain an encrypted response RP₂. The serverprogram then returns to the client program said encrypted response RP₂.

In the illustrated example, the server program detects in the requestRQ₂, on the one hand, the presence of a processing and memorizing unitidentifier UTM, namely UTM=234 and, on the other hand, a clusteridentifier BU, namely B₂. As it happens that the request RQ₂ correspondsto a request of access to a restricted access resource, the serverprogram determines that access is authorized using at least the serviceidentifier S₄, the cluster identifier B₂ and the processing andmemorizing unit identifier 234. The server program then determines theencryption key KE using at least the cluster identifier B₂ and theprocessing and memorizing unit identifier 234. For instance, theencryption key KE is equal to 56789. The server program encrypts usingsaid key KE, at least in part the response to the request of access RQ₂.

As explained in relation to FIG. 3, when the client program receives theencrypted response RP₂, the client program decrypts said encryptedresponse with the help of the decryption key KD contained in theprocessing and memorizing unit which is linked up to it. The clientprogram then presents the user with the response to his request as if ithad reached him non encrypted.

As it emerges from the previous description, the process according tothe invention enables to authenticate in a simple and reliable manner,thanks to the implementation of processing and memorizing units, a userwishing to access restricted access resources of interactive servicesbelonging to one or several clusters of services.

According to a characteristic of implementation of the invention, theprocess can enable to link up simultaneously several processing andmemorizing units 30 ₁, with 1 varying from 1 to L, to the client machine20 of a user. According to that variant embodiment, the processaccording to the invention is modified in the following manner.

The client program is adapted to read, in each of the processing andmemorizing units which are linked up to it:

-   -   the cluster identifier BU₁,    -   and the processing and memorizing unit identifier UTM₁.

When the client program sends a request to a service having as serviceidentifier S_(i), the client program determines if it has memorized atleast one relation between the concerned service identifier S_(i) and acluster identifier BS_(j). In the case where a cluster identifier BS_(j)is found, the client program compares said cluster identifier BS_(j)with the clusters identifiers BU₁ coming from the processing andmemorizing units.

If equality is found, the client program adds to the sent request, theprocessing and memorizing unit identifier UTM₁ having checked theequality.

When the client program sends a request to a service having as serviceidentifier S_(i) and for which it has memorized at least two clustersidentifiers BS_(j), the client program compares the clusters identifiersBS_(j) with the clusters identifiers BU₁ coming from the processing andmemorizing units.

If a least one equality is found, the client program:

-   -   chooses one of the processing and memorizing units having        checked an equality,    -   and adds to the request sent by the client program, the chosen        processing and memorizing unit identifier UTM₁ and the        corresponding cluster identifier BU₁.

When the client program receives an encrypted response, the clientprogram must find the processing and memorizing unit whose identifierUTM₁ has been transmitted during the request corresponding to saidresponse. The three following preferred implementations are possible:

-   -   the client program memorizes the processing and memorizing unit        identifier which is transmitted during a request and is able to        find said identifier during the response,    -   the server program returns to the client program within the        response, the processing and memorizing unit identifier UTM₁        received in the request, thus enabling the client program to        find said identifier,    -   the client program questions each of the processing and        memorizing units, so as to find the processing and memorizing        unit to use.

When the processing and memorizing unit is found, the client programdecrypts the encrypted response using the decryption key KD₁ containedin the processing and memorizing unit thus found.

In the previous description, the process aims at determining whether ornot the user is entitled to access a restricted access resource. It mustbe considered that said determination can be carried out:

-   -   either only through the server program,    -   or through the server program helped by a remote auxiliary        program.

Said remote auxiliary program can run on a machine distinct from theserver machine for a service. According to a preferred embodiment, itcan be planned to gather together on a same machine the remote auxiliaryprograms of all the services of a cluster, so as to centralize theaccess rights management.

In the previous description, the process consists in determining theencryption key KE. Note that the determination of said encryption key KEcan be carried out:

-   -   either only through the server program,    -   or through a server program helped by a remote auxiliary        program.

According to a variant embodiment of the invention, the encryption keyKE can be determined:

-   -   either through the server program associated to a processing and        memorizing unit,    -   or through the server program using a remote auxiliary program        and a processing and memorizing unit.

According to another variant embodiment of the invention, it can beplanned to associate to each processing and memorizing unit:

-   -   at least one meter enabling to count accesses to restricted        access resources, made by the user owning a processing and        memorizing unit,    -   and a threshold for said meter.

Each server program for a service which receives a request of access toa restricted access resource, consults the values of the meter andthreshold associated to the processing and memorizing unit used to sendthe request, so as to determine whether said request should be served ornot. If the request is served, the server program possibly updates themeter's value.

According to a preferred variant embodiment of the invention, the meteris situated in a machine which centralizes the management of themetering of accesses to restricted access resources.

According to another variant embodiment of the invention, each processand memorizing unit comprises or includes:

-   -   a meter enabling to count the use of the decryption key KD,    -   and a threshold for said meter.

Such a meter is updated every time the decryption key KD is used and thedecrypting of the encrypted responses received by the client program isforbidden when the meter reaches or exceeds the threshold.

1. A process to restrict, to a benefit of authorized users, access to atleast one resource belonging to at least one interactive service of atleast one cluster of services, each said authorized user having a clientmachine capable of executing a client program adapted to exchange, usinga transmission network, data with a server program associated to eachsaid interactive service, each said interactive service being identifiedby a service identifier and said interactive service being provided byrequests sent by said client program to said server program whichprocesses each of said reguests and returns to said client program aresponse for each said requests, characterized in that the processincludes the following steps: (a) for each said cluster, putting at adisposal of each of said authorized users, a processing and memorizingunit designed to be linked up to said client machine of said authorizeduser when requesting to access at least one said restricted accessresource, said processing and memorizing unit including: (1) a clusteridentifier determining the cluster to which said processing andmemorizing unit belongs, (2) a processing and memorizing unit identifiercharacterizing said processing and memorizing unit put at a disposal ofsaid authorized user, and (3) a decryption key allowing to decrypt theinformation coming from any of said services of said determined cluster,(b) enabling each said client program, to read inside said processingand memorizing unit which is linked up to it: (1) said clusteridentifier, (2) and said processing and memorizing unit identifier, (c)sending inside a first response, by said server program for saidservice, at least once to any said client program which has submitted afirst request for said service, a list of clusters identifiersdetermining to which cluster(s) the service to which said first requestwas submitted belongs, (d) memorizing by each said client program whichreceives said list of clusters identifiers in response to said firstrequest for said service having a service identifier, a relation betweeneach said cluster identifier and said service identifier, (e)determining, prior to the sending of a second request to said servicehaving said service identifier, if said client program has memorized atleast one relation between any cluster identifier and said serviceidentifier and in the case where: (1) any cluster identifier is found,comparing it with said cluster identifier coming from said processingand memorizing unit and if they are equal, adding to said second requestto be sent by said client program, said processing and memorizing unitidentifier, (f) when said server program receives said second requestfor said service, containing said processing and memorizing unitidentifier and which requests to access said restricted access resource,determining by using at least said service identifier and saidprocessing and memorizing unit identifier, if said user who owns saidprocessing and memorizing unit is entitled to access said resource, andif said user: (1) is not entitled to access said resource, returning tosaid client program by said server program, a second responsecorresponding to a refused access, (2) is entitled to access saidresource: (i) determining using at least said processing and memorizingunit identifier, an encryption key corresponding to said decryption keycontained in said processing and memorizing unit linked up to saidclient machine of said user who has sent said second request, (ii)encrypting by said server program, at least in part, a second responseto said second request of access to said restricted access resourceusing said encryption key, so as to obtain an encrypted second response,(iii) and returning to said client program by said server program, saidencrypted second response, (g) and when said client program receivessaid encrypted second response: (1) decrypting said encrypted secondresponse received by said client program using said decryption keycontained in said processing and memorizing unit linked up to it, (2)and presenting said user with the response to his request, as if saidsecond response had reached him non encrypted.
 2. Process according toclaim 1, characterized in that it comprises: (a) determining, prior tosending any request to said service, if said client program hasmemorized at least one said relation between said cluster identifier andsaid service identifier, and in the case where: (1) several saidclusters identifiers are found, comparing said clusters identifiers withsaid cluster identifier coming from said processing and memorizing unitand if an equality is found, adding said cluster identifier to said anyrequest to be sent by said client program and already containing saidprocessing and memorizing unit identifier, (b) when said server programreceives said any request for said service containing said processingand memorizing unit identifier and said cluster identifier and whichrequests to access said restricted access resource, determining by usingat least said cluster identifier, said service identifier and saidprocessing and memorizing unit identifier if said user who owns saidprocessing and memorizing unit is entitled to access said resource, andif said user: (1) is not entitled to access said resource, returning tosaid client program by said server program, a response corresponding toa refused access, (2) is entitled to access said resource: (i)determining using at least said cluster identifier and said processingand memorizing unit identifier an encryption key corresponding to saiddecryption key contained in said processing and memorizing unit linkedup to said client machine of said user who has sent said any request,(ii) encrypting by said server program, at least in part, a response tosaid any request of access to said restricted access resource using saidencryption key, so as to obtain an encrypted response, (iii) andreturning to said client program by said server program, said encryptedresponse.
 3. Process according to claims 1 or 2, characterized in thatit comprises: (a) enabling to link up simultaneously several saidprocessing and memorizing units, to said client machine of at least onesaid user, (b) enabling each said client program of said client machineto read inside each said processing and memorizing units which arelinked up to it: (1) said cluster identifier, (2) said processing andmemorizing unit identifier, (c) determining prior to the sending of anyrequest to said service having said service identifier, if said clientprogram has memorized at least one said relation between said clusteridentifier and said service identifier and in the case where: (1) onesaid cluster identifier is found, comparing said cluster identifier withthe clusters identifiers coming from said processing and memorizingunits and if an equality is found, adding to said any request sent bysaid client program, the processing and memorizing unit identifierhaving realized said equality, (2) several said clusters identifiers arefound, comparing said clusters identifiers with the clusters identifierscoming from said processing and memorizing units and if at least oneequality is found: (i) choosing one of said processing and memorizingunits having realized an equality, (ii) and adding to said any requestsent by said client program, the chosen processing and memorizing unitidentifier and the corresponding cluster identifier, (d) when saidclient program receives an encrypted response: (1) finding theprocessing and memorizing unit whose identifier has been transmittedduring the request corresponding to said response, (2) decrypting saidencrypted response received by said client program using the decryptionkey contained in the processing and memorizing unit thus found. 4.Process according to claim 1 or 2, characterized in that it comprisesdetermining whether or not said user is entitled to access saidrestricted access resource: (a) either only through said server program,(b) or through said server program using a remote auxiliary program. 5.Process according to claim 1 or 2, characterized in that it comprisesdetermining said encryption key: (a) either only through said serverprogram, (b) or through said server program using a remote auxiliaryprogram.
 6. Process according to claim 5, characterized in that itcomprises determining said encryption key: (a) either through saidserver program and a server processing and memorizing unit, (b) orthrough said server program using said remote auxiliary program and aserver processing and memorizing unit.
 7. Process according to claims 1or 2, characterized in that it comprises: (a) associating to each saidprocessing and memorizing unit: (1) at least one meter enabling to countaccesses to said restricted access resources made by said user owningsaid processing and memorizing unit, (2) a threshold for said meter, (b)enabling each said server program for said service, which receives arequest of access to said restricted access resource: (1) to consult thevalues of said meter and said threshold associated to the processing andmemorizing unit used to send said request, so as to determine whethersaid request should be served or not, (2) and if said request is served,to possibly update the meter's value.
 8. Process according to claims 1or 2, characterized in that it comprises: (a) integrating to each saidprocessing and memorizing unit: (1) a meter enabling to count the use ofthe decryption key, (2) a threshold for said meter, (b) updating saidmeter every time said decryption key is used, (c) and preventingdecryption of an encrypted responses received by said client programwhen said meter reaches or exceeds said threshold.
 9. Processing andmemorizing unit for the implementation of the process according toclaims 1 or 2, characterized in that it includes at least: (a) a clusteridentifier enabling to determine the cluster to which said processingand memorizing unit belongs, (b) a processing and memorizing unitidentifier enabling to characterize said processing and memorizing unitput at the user's disposal, (c) and a decryption key enabling thedecrypting of information coming from a service of the cluster. 10.Processing and memorizing unit according to claim 9, characterized inthat it includes: (a) a meter enabling to count the use of saiddecryption key, (b) a threshold for said meter.
 11. Client machine ofthe computer type, characterized in that it includes means to execute aclient program implementing the steps of the process in accordance withclaim 1 or
 2. 12. Server machine of the data processing type,characterized in that it includes means to execute a server programimplementing the steps of the process in accordance with claim 1 or 2.13. Client program to access at least one restricted access resourcebelonging to at least one interactive service, comprising meansprogrammed to carry out the steps of the process in accordance withclaim 1 or 2, when said client program is executed on a client machine.14. Server program for interactive service comprising means programmedto carry out the steps of the process in accordance with claim 1 or 2,when said server program is executed on a server machine.